As hackers around the world are taking advantage of the current situation, accelerating the attempts to spread infection and gain access to organizations’ data, your enterprise is more vulnerable than ever. With millions of strains of unknown malware and sophisticated evasion techniques, stopping today’s most dangerous attacks requires a deep level of inspection.

According to research from last month, 39% of security professionals are not so confident in the resilience of their current Endpoint Protection solution against advanced cyber-attacks [1].

In this blog we will review five important principles to follow when choosing your next Endpoint Protection solution: prevention, a multi-layered security approach, cloud management, remediation and industry validation.

Prevention, not detection

It costs less to prevent an attack than to detect and remediate it after it has breached the network. Therefore, Check Point’s approach to cybersecurity focuses on prevention. SandBlast Agent and SandBlast Mobile include several unique endpoint prevention techniques, including:

Zero Phishing – Phishing attacks use fraudulent emails, messages, and social applications to trick users into divulging sensitive data. Check Point’s Zero-Phishing engine provides the broadest phishing protection in the market. It scans websites and forms, then applies a deep heuristic analysis (including reputation, similarity algorithms, detection of image-only websites, lookalike favicons, and more) that detects and blocks phishing attacks. The engine is integrated both in Check Point’s Mobile Security solution and in the Endpoint Security solution.

Exploit Prevention – Most successful attacks simply exploit known vulnerabilities that have been left unpatched. SandBlast Agent and SandBlast Mobile identify critical applications and OS vulnerabilities and prevent their exploitation.

Download Prevention – Preventing the download of malicious applications and files blocks the attack at the earliest possible stage, using Artificial Intelligence (AI) models that block the download immediately, including over HTTPS traffic.

Anti-Bot – Monitors all the network traffic of the devices and blocks connections to malicious websites based on dynamic intelligence provided by the ThreatCloud™ reputation service.

Multi-Layered advanced technology

91% of security professionals agree that in the past 3 years, the sophistication of cyber-attacks has increased [1].

With millions of strains of unknown malware and sophisticated evasion techniques, stopping today’s most dangerous attacks requires a deep level of inspection. Antiviruses, traditional sandboxing, traditional Endpoint Protection products, UEM tools and even most Enterprise Mobile Security solutions do not provide this level of inspection. They use traditional detection methods, such as signatures or rules, which can’t detect sophisticated, unknown malware and phishing attacks. SandBlast is designed to prevent today’s complex attacks by using a multi-layered technology that includes:

ThreatCloud™ – a collaborative knowledge base that shares dynamic, real-time security intelligence across Check Point’s security solutions, using feeds from sensors around the globe and the research labs. The resulting up-to-the-minute security intelligence is shared across the entire product line.

Cloud-based Risk Engine – Receives indicators collected on devices, such as the domain or IP, and returns a risk, calculated using advanced risk probability and similarity algorithms.

Cloud-based advanced sandboxing – Threat Emulation is the only sandboxing solution that combines the power of CPU-level and OS-level The Endpoint Protection is extended by sending files and applications to sandboxing analysis in the cloud.

Cloud-based management and simple deployment

Remote, expandable, fully redundant and easy-to-use management is important now more than ever. SandBlast Agent cloud management and SandBlast Mobile cloud dashboard provide all that and enable provisioning and monitoring of devices and policies from the cloud, while keeping full redundancy and automatic backup of the system.

SandBlast Agent and SandBlast Mobile can be deployed using the cloud management in three simple steps.

Figure 1 SandBlast Agent Deployment

Figure 2 SandBlast Mobile Deployment

Post-infection remediation

Even if an organization is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated. Therefore, strong attack containment and remediation capabilities are critical. The SandBlast solution includes robust remediation capabilities:

The only solution that automatically remediates the entire cyber kill chain and restores the device to the last clean point.

The SandBlast Anti-Ransomware engine recovers encrypted files regardless of the encryption used, by taking a pre-infection snapshot of the system.

Incident Response – Advanced algorithms and a deep analysis of the raw forensic data help build a comprehensive incident summary with actionable attack information, allowing system administrators and incident response teams to effectively triage and resolve

Industry validation

Independent evaluation comparing the effectiveness, performance and simplicity of competing products is an important criterion when choosing security solutions.

This is achieved by applying a multi-layered, advanced technology that combines Artificial Intelligence, the largest threat intelligence hub in the world, advanced sandboxing, reputation service, deep behavioral analysis and more.

The solution can be managed from any location using the cloud-based management solution, with intuitive and simple-to-use deployment and configuration solutions and with effective remediation techniques.


[1] According to research conducted by Dimensional Research in March 2020.